- star-devel: privilege escalation

- multi-gnome-terminal: information leak
- usermin: remote shell command injection and insecure installation
- mpg123: layer 2 decoder buffer overflow

Approved by:	portmgr (implicit)

ports-mgmt/portaudit-db/database/portaudit.txt

@@ -74,3 +74,7 @@ squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.
 FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
 FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
 {ja-,}phpgroupware<0.9.16.003|http://secunia.com/advisories/12466 http://phpgroupware.org/ http://www.osvdb.org/9729 http://freshmeat.net/releases/171909|XSS vulnerability in phpGroupWare wiki module|64726098-00aa-11d9-81b0-000347a4fa7d
+star>=1.5.*<1.5.a.46|http://lists.berlios.de/pipermail/star-users/2004-August/000239.html http://secunia.com/advisories/12484|Vulnerability in star versions that support ssh for remote tape access|6a5b2998-01c0-11d9-81b0-000347a4fa7d
+multi-gnome-terminal<=1.6.2_1|http://www.gentoo.org/security/en/glsa/glsa-200409-10.xml http://cvs.sourceforge.net/viewcvs.py/multignometerm/multignometerm/gnome-terminal/enhanced_gui.c?r1=text&tr1=1.252&r2=text&tr2=1.253&diff_format=u http://www.osvdb.org/9752|Possible information leak in multi-gnome-terminal|cad7a2f4-01c2-11d9-81b0-000347a4fa7d
+usermin<1.090|http://secunia.com/advisories/12488 http://www.webmin.com/uchanges.html http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html http://www.osvdb.org/9775 http://www.osvdb.org/9776|Usermin remote shell command injection and insecure installation vulnerability|9ef2a3cf-01c3-11d9-81b0-000347a4fa7d
+mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 http://www.alighieri.org/advisories/advisory-mpg123.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805|mpg123 layer 2 decoder buffer overflow|780671ac-01e0-11d9-81b0-000347a4fa7d

ports-mgmt/portaudit-db/database/portaudit.xml

@@ -749,10 +749,11 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     </description>
     <references>
       <url>http://studio.imagemagick.org/pipermail/magick-users/2004-August/013218.html</url>
+      <url>http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html</url>
       <url>http://freshmeat.net/releases/169228</url>
       <url>http://secunia.com/advisories/12236</url>
+      <url>http://secunia.com/advisories/12479</url>
       <url>http://www.freebsd.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html</url>
-      <url>http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html</url>
     </references>
     <dates>
       <discovery>2004-08-04</discovery>
@@ -1096,6 +1097,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       <cvename>CAN-2004-0806</cvename>
       <mlist msgid="E1C0yA3-0002cc-00@newraff.debian.org">http://lists.debian.org/debian-devel-changes/2004/08/msg03421.html</mlist>
       <bid>11075</bid>
+      <url>http://secunia.com/advisories/12481</url>
     </references>
     <dates>
       <discovery>2004-08-28</discovery>

security/portaudit-db/database/portaudit.txt

@@ -74,3 +74,7 @@ squid>=2.5.*<2.5.6_7|http://secunia.com/advisories/12444 http://www.squid-cache.
 FreeBSD>=502120<503000|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
 FreeBSD>=600000<600001|http://secunia.com/advisories/11129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797 http://www.osvdb.org/9360 http://www.osvdb.org/9361 http://www.securityfocus.com/bid/11051|zlib DoS vulnerability|1b98165f-fdd9-11d8-81b0-000347a4fa7d
 {ja-,}phpgroupware<0.9.16.003|http://secunia.com/advisories/12466 http://phpgroupware.org/ http://www.osvdb.org/9729 http://freshmeat.net/releases/171909|XSS vulnerability in phpGroupWare wiki module|64726098-00aa-11d9-81b0-000347a4fa7d
+star>=1.5.*<1.5.a.46|http://lists.berlios.de/pipermail/star-users/2004-August/000239.html http://secunia.com/advisories/12484|Vulnerability in star versions that support ssh for remote tape access|6a5b2998-01c0-11d9-81b0-000347a4fa7d
+multi-gnome-terminal<=1.6.2_1|http://www.gentoo.org/security/en/glsa/glsa-200409-10.xml http://cvs.sourceforge.net/viewcvs.py/multignometerm/multignometerm/gnome-terminal/enhanced_gui.c?r1=text&tr1=1.252&r2=text&tr2=1.253&diff_format=u http://www.osvdb.org/9752|Possible information leak in multi-gnome-terminal|cad7a2f4-01c2-11d9-81b0-000347a4fa7d
+usermin<1.090|http://secunia.com/advisories/12488 http://www.webmin.com/uchanges.html http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html http://www.osvdb.org/9775 http://www.osvdb.org/9776|Usermin remote shell command injection and insecure installation vulnerability|9ef2a3cf-01c3-11d9-81b0-000347a4fa7d
+mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 http://www.alighieri.org/advisories/advisory-mpg123.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805|mpg123 layer 2 decoder buffer overflow|780671ac-01e0-11d9-81b0-000347a4fa7d

security/portaudit-db/database/portaudit.xml

@@ -749,10 +749,11 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     </description>
     <references>
       <url>http://studio.imagemagick.org/pipermail/magick-users/2004-August/013218.html</url>
+      <url>http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html</url>
       <url>http://freshmeat.net/releases/169228</url>
       <url>http://secunia.com/advisories/12236</url>
+      <url>http://secunia.com/advisories/12479</url>
       <url>http://www.freebsd.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html</url>
-      <url>http://studio.imagemagick.org/pipermail/magick-developers/2004-August/002011.html</url>
     </references>
     <dates>
       <discovery>2004-08-04</discovery>
@@ -1096,6 +1097,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       <cvename>CAN-2004-0806</cvename>
       <mlist msgid="E1C0yA3-0002cc-00@newraff.debian.org">http://lists.debian.org/debian-devel-changes/2004/08/msg03421.html</mlist>
       <bid>11075</bid>
+      <url>http://secunia.com/advisories/12481</url>
     </references>
     <dates>
       <discovery>2004-08-28</discovery>